
VPN

noahsark
Level 1

We need to change the IP address of our PIX firewall. We have almost 50 VPN tunnels (predominantly PIX 501s) pointing towards our PIX515. Most tunnels are using crypto maps with access-lists and pre-shared keys. We need to set up the remote PIXes in advance so that the VPNs come back up after the IP address change. I've been able to get this to work with ASA5505s on the remote side. The new tunnels form automatically when the primary tunnel drops. However, when we use PIX 501s, the new tunnel doesn't form until we clear the security association on the remote side. Is there any configuration which will allow us to have the tunnel fail over to the new IP address?

1 Reply

Herbert Baerten
Cisco Employee

I think "isakmp keepalive seconds [retry_seconds]" should help.

e.g. isakmp keepalive 10